Why Did Vercel Get Breached? What We Know About the April 2026 Attack

Vercel powers than 4M websites and processes 30B requests every week. That scale makes it an attractive target. On April 19, 2026, a ShinyHunters-affiliated threat actor claimed a breach of Vercel’s internal systems not by attacking Vercel’s platform directly, but by stealing OAuth credentials from a third-party AI tool connected to Vercel’s Google Workspace. The attacker is now demanding a $2M ransom and has listed the alleged data on BreachForums.